Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,346 advisories

Liferay Portal's account lockout does not invalidate existing user sessions Moderate
CVE-2023-47798 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Graylog session fixation vulnerability through cookie injection Moderate
CVE-2024-24823 was published for org.graylog2:graylog2-server (Maven) Feb 7, 2024
fabsx00
Liferay Portal denial of service (memory consumption) Moderate
CVE-2024-25143 was published for com.liferay.portal:release.portal.bom (Maven) Feb 7, 2024
Apache Ozone Improper Authentication vulnerability Moderate
CVE-2023-39196 was published for org.apache.ozone:ozone-main (Maven) Feb 7, 2024
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Malicious input can provoke XSS when preserving comments Moderate
CVE-2024-23635 was published for org.owasp.antisamy:antisamy (Maven) Feb 2, 2024
spassarop leeN
rbri davewichers
Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage Moderate
GHSA-qfv2-3p2f-vg48 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024 withdrawn
CrateDB database has an arbitrary file read vulnerability Moderate
CVE-2024-24565 was published for io.crate:crate (Maven) Jan 30, 2024
Tu0Laj1
CSRF vulnerability in Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23902 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Path traversal vulnerability in Jenkins Matrix Project Plugin Moderate
CVE-2024-23900 was published for org.jenkins-ci.plugins:matrix-project (Maven) Jan 24, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin Moderate
CVE-2024-23901 was published for io.jenkins.plugins:gitlab-branch-source (Maven) Jan 24, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22497 was published for com.jfinal:jfinal (Maven) Jan 23, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22496 was published for com.jfinal:jfinal (Maven) Jan 23, 2024
Cross-site Scripting in beetl-bbs Moderate
CVE-2024-22490 was published for com.ibeetl:beetl (Maven) Jan 23, 2024
keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
GHSA-9vm7-v8wj-3fqw was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Insertion of Sensitive Information into Log File in OWASP DependencyCheck Moderate
CVE-2024-23686 was published for org.owasp:dependency-check-ant (Maven) Jan 20, 2024
r3kumar
Hard-coded credentials in org.folio:mod-remote-storage Moderate
CVE-2024-23685 was published for org.folio:mod-remote-storage (Maven) Jan 19, 2024
JavaScript execution via malicious molfiles (XSS) Moderate
CVE-2024-0758 was published for de.ipb-halle:molecularfaces (Maven) Jan 19, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2024-21733 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jan 19, 2024
westonsteimel
Stored Cross Site Scripting in beetl-bbs Moderate
CVE-2024-22491 was published for com.ibeetl:beetl (Maven) Jan 16, 2024
Apache Shiro vulnerable to path traversal Moderate
CVE-2023-46749 was published for org.apache.shiro:shiro-core (Maven) Jan 15, 2024
Apache Solr allows read access to host environmet variables Moderate
CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) Jan 15, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22493 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
Cross-site Scripting in JFinal Moderate
CVE-2024-22492 was published for com.jfinal:jfinal (Maven) Jan 12, 2024
ProTip! Advisories are also available from the GraphQL API